I have a few services that are being consumed by clients within a secure zone. I've been asked to protect these services typically against development clients mistakenly connecting to the wrong service.
The idea was to use a pre-shared key (like a GUID) which is set in the config for both the client and the service host. Whenever the client tries to consume the service, it must present the correct key.
How would I go about configuring a service to implement this kind of security? How much customization is necessary?
You could easily add a custom message header to each call - pretty easy to do, actually, and it doesn't "pollute" your real service contract, e.g. you don't have to add extra parameters to your service calls just to pass this.
See these articles for info on how to achieve this:
Basically, you need to wrap your call to the service in an OperationContext - that's all, no ClientMessageInspector and other trickery needed :-)
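    using (OperationContextScope scope = new OperationContextScope(proxy))
    {
        // Sample value; for a pre-shared key, use the GUID from your config instead
        Guid myToken = Guid.NewGuid();

        // Wrap the value in a typed header, then convert it to an untyped
        // header with the name "token" in the namespace "ns"
        MessageHeader<Guid> mhg = new MessageHeader<Guid>(myToken);
        MessageHeader untyped = mhg.GetUntypedHeader("token", "ns");

        // Attach the header to outgoing messages sent inside this scope
        OperationContext.Current.OutgoingMessageHeaders.Add(untyped);

        proxy.DoOperation(...);
    }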
and on the server side, you can simply inspect the IncomingMessageHeaders collection:

    Guid myToken = OperationContext.Current
        .IncomingMessageHeaders.GetHeader<Guid>("token", "ns");

Marc
I would have the client send the key as an extra message header and create an IDispatchMessageInspector to check for the header and optionally reject it. This Code Project article describes the filter part based on the IP address.
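
A sketch of the server-side check both answers describe, added here as an example and not taken from either answer or from the linked articles: an IDispatchMessageInspector that rejects requests whose "token"/"ns" header is missing or does not match the configured key. The class names and the `ServicePreSharedKey` appSettings key are assumptions.

```csharp
using System;
using System.Configuration;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Rejects any request whose "token" header is absent or differs from the configured key.
public class PreSharedKeyInspector : IDispatchMessageInspector
{
    private readonly byte[] expected;

    public PreSharedKeyInspector(Guid expectedKey) { expected = expectedKey.ToByteArray(); }

    public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
    {
        // Same header name and namespace as the client snippet in the first answer.
        int index = request.Headers.FindHeader("token", "ns");
        if (index < 0)
            throw new FaultException("Missing service key header.");

        byte[] presented;
        try { presented = request.Headers.GetHeader<Guid>(index).ToByteArray(); }
        catch (Exception) { throw new FaultException("Malformed service key header."); }

        // Compare all 16 bytes without an early exit.
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ presented[i];
        if (diff != 0)
            throw new FaultException("Service key mismatch: check which endpoint this client points at.");
        return null; // no correlation state needed
    }

    public void BeforeSendReply(ref Message reply, object correlationState) { }
}

// Attaches the inspector to an endpoint; the appSettings key name is an assumption.
public class PreSharedKeyBehavior : IEndpointBehavior
{
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
    {
        Guid key = Guid.Parse(ConfigurationManager.AppSettings["ServicePreSharedKey"]);
        endpointDispatcher.DispatchRuntime.MessageInspectors.Add(new PreSharedKeyInspector(key));
    }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```

Add the behavior to each endpoint's `Behaviors` collection before opening the ServiceHost. The key travels in the message as sent, so it guards against misconfigured clients and is only as confidential as the binding's transport or message security.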